JP2018120468A - Authentication device - Google Patents

Abstract

An object of the present invention is to prevent an electronic value from being illegally acquired by a terminal of a user who does not visit a store or to detect afterwards that an electronic value has been illegally acquired.
A server includes a communication unit that acquires environmental information related to at least one of air temperature, atmospheric pressure, geomagnetism, and humidity in the terminal, and a communication unit that acquires a supply time of the electronic value related to the store to the terminal. 21 and the environment information at the supply time specified from the acquisition result of the communication unit 21 and the setting in advance corresponding to the store 5 in order to authenticate that the terminal 10 is located in the store 5 at the supply time. A comparison unit 22 that compares the reference environment information.
[Selection] Figure 2

Description

  The present invention relates to an authentication device for authenticating the position of a terminal.

  Services for supplying electronic value such as stamps and coupons to terminals such as smartphones carried by customers who visit stores are being put into practical use. For example, Patent Document 1 describes a method in which an ultrasonic signal emitted from a store or the like is received by a terminal, and a coupon or the like is acquired based on identification information included in the ultrasonic signal.

JP 2014-0238673 A

  For example, a method of supplying electronic value to a terminal using a short-range wireless signal such as a beacon signal instead of the ultrasonic signal as in Patent Document 1 is also conceivable. In recent years, however, it can happen that beacon signals are spoofed. When the camouflaged beacon signal is used in a place different from the store, there is a possibility that the electronic value is illegally acquired by the terminal of the user who has not visited the store.

  The present invention has been made in view of the above problems, and it is possible to suppress the electronic value from being illegally acquired by a terminal of a user who does not visit the store or to detect afterwards that the electronic value has been illegally acquired. With the goal.

  The authentication device according to one aspect of the present invention includes an environment information acquisition unit that acquires environment information related to at least one of air temperature, atmospheric pressure, geomagnetism, and humidity in a terminal, and a time that acquires a supply time of electronic value related to a store to the terminal In order to authenticate that the terminal was located at the store at the information acquisition means and the supply time, the environment information at the supply time specified from the acquisition results of the environment information acquisition means and the time information acquisition means, and the store Comparing means for comparing with reference environment information set in advance correspondingly.

  According to the above authentication device, in order to authenticate that the terminal is located in the store at the electronic value supply time, the environment information at the terminal at the electronic value supply time, the preset reference environment information, Are compared. Here, if the user of the terminal actually visits the store, the environment information at that time becomes environment information specific to the store, but it is considered difficult to disguise the same environment information in another place. For example, if such environment information that is difficult to be camouflaged is used as reference environment information and the above-described comparison is performed, the terminal was located in the store at the electronic value supply time based on the comparison result (terminal user) Can actually authenticate to the store). For example, if the electronic value before being activated at the store is supplied to the terminal, then the electronic value related to the electronic value is activated only when it is authenticated that the user of the terminal has actually visited the store. If this is not the case, the electronic value is not validated by preventing the electronic value from being illegally acquired by the terminal of the user who does not visit the store. If the electronic value after being activated at the store is supplied to the terminal, then the fact that the electronic value was illegally acquired when the terminal user is not authenticated to actually visit the store Can be detected.

  An authentication apparatus according to an aspect of the present invention includes a reception history acquisition unit that acquires reception histories at terminals of transmission signals from a plurality of transmitters, and a time information acquisition unit that acquires a supply time of electronic value related to a store to a terminal. In order to authenticate that the terminal was located in the store at the supply time, the terminal in the time zone determined based on the supply time specified from the acquisition results of the reception history acquisition means and the time information acquisition means Comparing means for comparing the movement route with a reference movement route set in advance corresponding to the store.

  According to this authentication apparatus, in order to authenticate that the terminal was located in the store at the electronic value supply time, the terminal movement path in a time zone determined based on the electronic value supply time, and a preset value are set. Is compared with the reference travel path. Here, if the user of the terminal actually visits the store, the travel route at that time is a travel route specific to the store, but it is considered difficult to disguise the same travel route at another location. For example, if such a travel route that is difficult to be camouflaged is used as the reference travel route and the above-described comparison is performed, it is possible to authenticate that the user of the terminal has actually visited the store based on the comparison result. Therefore, as described above, it is possible to suppress the electronic value from being illegally acquired by a terminal of a user who does not visit the store, or to detect after the fact that the electronic value has been illegally acquired. .

  According to the present invention, it is possible to suppress the electronic value from being illegally acquired by a terminal that does not visit the store or to detect after the fact that the electronic value has been illegally acquired.

It is a figure for demonstrating the outline | summary of an authentication system. It is a figure which shows the example of the functional block of a terminal and a server. It is a figure for demonstrating the example of the authentication based on environmental information. It is a figure for demonstrating the example of the authentication based on a reception history. It is a flowchart which shows the example of the process performed in an authentication system. It is a figure which shows the example of the hardware constitutions of a terminal and a server.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. In the description of the drawings, the same elements are denoted by the same reference numerals, and redundant descriptions are omitted.

  First, an overview of the authentication system 1 according to the embodiment will be described with reference to FIG. FIG. 1 shows a situation where a user U who carries the terminal 10 visits a store 5. The terminal 10 is a mobile communication terminal such as a smartphone. In the store 5, a service for supplying (giving) electronic value such as an electronic stamp and an electronic coupon to the terminal 10 of the user U who has visited the store 5 is provided. The electronic value is supplied, for example, by bringing the device 6 that transmits a beacon signal including electronic value data close to (or in contact with) the terminal 10 and causing the terminal 10 to receive the beacon signal from the device 6. However, the method of supplying electronic value is not limited to this. For example, the electronic value may be supplied by the terminal 10 reading an identifier such as a barcode (including a two-dimensional barcode) presented at the store 5.

  Incidentally, in recent years, transmitters constituting a short-range wireless communication area (hereinafter simply referred to as “wireless area”) such as a Wi-Fi access point have been installed in various places. Many stores are located in the radio area of such transmitters. In the example shown in FIG. 1, the store 5 may be located in the wireless area of the transmitter 3. The terminal 10 is configured to be able to receive a transmission signal from a transmitter (including the transmitter 3) installed at various places as described above. Furthermore, the terminal 10 acquires environmental information regarding temperature, atmospheric pressure, geomagnetism, humidity, and the like. The received signal reception history at the terminal 10 and the environment information acquired at the terminal 10 are transmitted to the server 20 that can communicate with the terminal 10. The server 20 functions as an authentication device for authenticating that the terminal 10, that is, the user U is located in the store 5 at a certain time (or time zone) according to the principle described later.

  FIG. 2 is a diagram illustrating an example of functional blocks of the terminal 10 and the server 20. First, the terminal 10 will be described. The terminal 10 includes an environment sensor 11, a data acquisition unit 12, a signal reception unit 13, a storage unit 14, and a communication unit 15.

  The environmental sensor 11 detects environmental information in the terminal 10. The environment sensor 11 may include at least one function of an air temperature sensor, an atmospheric pressure sensor, a magnetic sensor, and a humidity sensor, or a function that combines these functions. The environmental information includes at least one of sensor values of temperature, pressure, geomagnetism, and humidity in the terminal 10. The geomagnetic sensor value may include the magnitude and direction (for example, a value corresponding to the direction) of the magnetic field.

  The data acquisition unit 12 is a part that acquires electronic value data. The data acquisition part 12 acquires the electronic value data contained in the said beacon signal, for example by receiving the beacon signal from the apparatus 6 (FIG. 1) demonstrated previously. Further, the electronic value data may include information on a store (such as the store 5 in FIG. 1) that provides the electronic value data in addition to the electronic value described above. The store information related to the electronic value data is information for specifying the store, such as the name and location of the store. In one embodiment, the electronic value included in the electronic value data acquired by the data acquisition unit 12 is the electronic value before being validated and cannot be used immediately. In this case, the electronic value is validated after it is authenticated that the terminal 10 is located in the store 5 at the time (or time zone) when the electronic value data is supplied to the terminal 10 according to the principle described later. The In one embodiment, the electronic value included in the electronic value data acquired by the data acquisition unit 12 can be used immediately by being activated at the time of supply or already activated at the time of supply, for example. . In this case, if it is not authenticated that the terminal 10 is located in the store 5 at the time (or time zone) when the electronic value data is supplied to the terminal 10, the fact that the electronic value has been illegally acquired is later Detected. In the following description, it is assumed that the electronic value data supplied to the terminal 10 in the store 5 is electronic value data acquired by the data acquisition unit 12 unless otherwise specified.

  The signal receiving unit 13 is a part that receives a transmission signal from a transmitter. The signal receiving unit 13 receives a transmission signal from the transmitter when the terminal 10 is located in a wireless area (Wi-Fi access point or the like) of the transmitter. As the terminal 10 moves, the signal receiving unit 13 receives transmission signals from a plurality of transmitters (including the transmitter 3 in FIG. 1) installed in various places as described above. The transmission signal includes identification information (for example, transmitter ID) for specifying the transmitter. When receiving the transmission signal, the signal receiving unit 13 also acquires the reception intensity of the transmission signal. Furthermore, the signal receiving unit 13 also receives a signal (such as a cellular signal) from a mobile phone radio base station. The radio area (cell) of the radio base station is wider than the radio area of the transmitter 3, for example. The cellular signal includes identification information (for example, base station ID) for specifying the radio base station. When receiving the cellular signal, the signal receiving unit 13 also acquires the reception intensity of the cellular signal.

  The memory | storage part 14 is a part which memorize | stores various information. Specifically, the storage unit 14 stores the environment information acquired by the environment sensor 11 in association with the acquisition time of the environment information. The storage unit 14 corresponds the electronic value data acquired by the data acquisition unit 12 to the acquisition time of the electronic value data (that is, the supply time of the electronic value data to the terminal 10) and the store information related to the electronic value data. Then remember. The memory | storage part 14 memorize | stores the information which matched the reception time of the transmission signal received by the signal receiving part 13, transmitter ID, and the reception intensity | strength of a transmission signal as a reception history of a transmission signal.

  The communication unit 15 is a part that communicates with the server 20. For example, the communication unit 15 transmits the environment information, the supply time of the electronic value data, the store information related to the electronic value data, the reception history, and the like in the terminal 10 to the server 20.

  Next, the server 20 will be described. The server 20 includes a communication unit 21, a comparison unit 22, an authentication unit 23, a reference creation unit 24, and a storage unit 25.

  The communication unit 21 is a part that communicates with the communication unit 15 of the terminal 10. The communication unit 21 is a part (environment information acquisition means) that acquires the above-described environment information. The communication unit 21 is also a part (time information acquisition unit) that acquires the supply time of the electronic value data described above. At that time, store information related to the electronic value data is also acquired. The communication unit 21 is also a part (reception history acquisition unit) that acquires the above-described reception history.

  The comparison unit 22 is a part (comparison means) that performs comparison processing described below in order to authenticate that the terminal 10 is located in the store 5 at the time when the electronic value data is supplied to the terminal 10. Hereinafter, as a specific example of the comparison process, two types of comparison processes, a first comparison process and a second comparison process, will be described. The comparison unit 22 executes at least one of the first and second comparison processes.

[First comparison process]
In the first comparison process, the environment information, the supply time of the electronic value data, and the store information related to the electronic value data acquired by the communication unit 21 are used. The comparison unit 22 compares the environment information at the supply time with the reference environment information. The reference environment information is environment information set in advance corresponding to the store specified by the store information (store 5 in this example), is generated by a reference creation unit 24 described later, and is stored in the storage unit 25. The comparison unit 22 can use the reference environment information corresponding to the store specified by the store information by referring to the storage unit 25.

  An example of the first comparison process will be described with reference to FIG. FIG. 3A shows a state where the user U (FIG. 1) of the terminal 10 visits the store 5. The electronic value data is supplied to the terminal 10 using the device 6 when the terminal 10 stays at the store 5. The route R1 is a movement route of the terminal 10 until the user U of the terminal 10 visits the store 5, that is, until electronic value data is supplied. The route R2 is a movement route of the terminal 10 after the user U of the terminal 10 visits the store 5, that is, after electronic value data is supplied.

  FIG. 3B is a graph showing environmental information in the terminal 10 accompanying the movement of the terminal 10 shown in FIG. The horizontal axis of the graph indicates time, and the vertical axis of the graph indicates the acquired value (sensor value) of the environmental sensor 11. In this example, two types of sensor values are shown: a sensor value indicated by a solid line and a sensor value indicated by a broken line. These sensor values are, for example, temperature (degrees) and atmospheric pressure (hPa). In the graph, a time zone between time t1 and time t2 is a time zone determined based on the supply time of the electronic value data (hereinafter referred to as “supply time zone”). For example, the supply time of electronic value data is time t1, and a time zone from the time t1 until a predetermined time T (in this case, T = t2-t1) may be set as the supply time zone. The supply time of the electronic value data may be a time t2, and a time zone that goes back a predetermined time T from the time t2 may be a supply time zone. The supply time of the electronic value data may be a time between time t1 and time t2.

  The comparison unit 22 (FIG. 2) compares the environment information at the supply time of electronic value data (time t1, time t2, or a time between them) with reference environment information. The comparison result is, for example, a result of whether or not the sensor value matches the reference value. If the difference between the sensor value and the reference value is less than the predetermined value, it may be determined that both match, and otherwise they do not match. It should be noted that various types of sample data may be machine-learned by the comparison unit 22, and the matching / mismatching determination may be performed based on the result of the machine learning. The same applies to the comparison methods described below.

  Further, the comparison unit 22 may compare the environment information in the electronic value data supply time zone (time zone from time t1 to time t2) with the reference environment information. The comparison result in this case is a result of whether or not the sensor value in the supply time zone matches the reference value. For example, it may be determined that the sensor value and the reference value are exactly the same over the supply time period, or the behavior is similar when the sensor value is the same as the reference value, and the other is not the same when the behavior is not similar. The similarity determination method is not particularly limited. For example, the average value of the sensor values and the average value of the reference values in the supply time period are calculated, and when the difference between the calculated average values is smaller than a predetermined value, It may be judged that they are similar.

  Here, in FIG. 3B, it is assumed that the difference between the sensor value and the reference value is less than a predetermined value. That is, the comparison result by the comparison unit 22 is a comparison result of “match”.

  On the other hand, FIG. 3C shows a state where the user U of the terminal 10 does not visit the store 5 and the electronic value data is supplied using the device 6E provided in a place different from the store 5. ing. The device 6E is a disguised device that disguises and transmits the same signal as the transmission signal of the device 6. The route R3 is a movement route of the terminal 10 until the electronic value data is supplied. The route R4 is a movement route of the terminal 10 after the electronic value data is supplied.

  (D) of FIG. 3 is a graph which shows the change of the environmental information in the terminal 10 accompanying the movement of the terminal 10 shown in (c) of FIG. Here, the time zone between time t3 and time t4 corresponds to the supply time zone of the electronic value data. The location where the electronic value data is supplied from the device 6 to the terminal 10 as shown in FIG. 3A and the location where the electronic value data is supplied from the device 6E to the terminal 10 as shown in FIG. Since they are different, the sensor values in the electronic value data supply time zone are also greatly different between the case of FIG. 3B and the case of FIG. 3D. As described above, in the case of FIG. 3B, it is determined that the sensor value matches the reference value. Therefore, in the case of FIG. 3D, it is determined that the sensor value and the reference value do not match.

  The comparison result of the comparison unit 22 described above with reference to FIG. 3 can be used to authenticate that the terminal 10 is located in the store 5 when the electronic value data is supplied.

[Second comparison process]
Returning to FIG. 2 again, in the second comparison process, the reception history in the terminal 10, the supply time of the electronic value data, and the store information related to the electronic value data, which are acquired by the communication unit 21, are used. Specifically, the comparison unit 22 specifies the movement route of the terminal 10 in the time zone determined based on the supply time of the electronic data from the reception history in the terminal 10. As described above, since the reception history can include the reception time, the transmitter ID, and the reception intensity, the movement of which terminal 10 passed through the wireless area of which transmitter in which order using the reception history. The route can be specified. When a plurality of signals are received at the same time, for example, the movement path may be specified as if the terminal 10 passed through the radio area of the transmitter of the signal having the highest reception intensity. Then, the comparison unit 22 compares the identified travel route of the terminal 10 with the reference travel route. The reference movement route is a movement route set in advance for the store specified by the store information (store 5 in this example), and is generated by the reference creation unit 24 described later and stored in the storage unit 25. The comparison unit 22 can use the reference movement route corresponding to the store specified by the store information by referring to the storage unit 25. A plurality of reference movement routes may exist for the same store 5.

  An example of the second comparison process will be described with reference to FIG. In FIG. 4, the movement route of the terminal 10 when the user U of the terminal 10 indicated by the solid line actually visits the store 5 is shown as a route R5 and a route R6. The route R5 is a movement route until the user U of the terminal 10 visits the store, that is, until electronic value data is supplied. The route R6 is a movement route after the user U of the terminal 10 visits the store, that is, after electronic value data is supplied. The movement path of the terminal 10 passes through some radio areas of the radio area of the transmitter and the radio area of the base station installed in various places. In FIG. 4, areas W2 to W9 are shown as radio areas of the transmitter, and areas C1 to C3 are shown as radio areas of the base station. The terminal 10 passes through the area C2, the area W6, the area C1, and the area W2 in this order, then receives supply of electronic value data from the device 6, and further passes through the area W3.

  The comparison unit 22 (FIG. 2) compares the movement route of the terminal 10 and the reference route. The comparison result is, for example, a result of whether or not the type and order of the area through which the moving path of the terminal 10 passes matches the type and order of the area through which the reference moving path passes. Here, the movement route may be a movement route of the terminal 10 in a time zone (hereinafter referred to as “movement time zone”) determined based on the supply time of the electronic value data to the terminal 10. The travel time zone may include a time zone until the electronic value data is supplied to the terminal 10. For example, a time zone having a predetermined time width including the supply time of the electronic value data may be set as the travel time zone. In this case, the movement route may include a route R5 and a route R6. A time period until a predetermined time elapses from the supply time of the electronic value data may be a movement time period. In this case, the movement route may include a route R6. A time zone that goes back a predetermined time from the supply time of the electronic value data may be a travel time zone. In this case, the movement route may include a route R5.

  Here, in FIG. 4, it is assumed that the movement route (for example, route R5 and / or route R6) of terminal 10 and the reference movement route coincide with each other. That is, the comparison result by the comparison unit 22 is “match”. As described above, a plurality of reference movement paths may exist for the same store 5, and in that case, when the movement path of the terminal 10 matches any of the reference movement paths, The comparison result by the comparison unit 22 is a result of “match”. There may be a plurality of reference movement paths, and other reference movement paths may include areas W4 and / or W5 instead of area W3 or together with area W3.

  On the other hand, like the terminal 10 indicated by a virtual line in FIG. 4, the user U of the terminal 10 does not visit the store 5, and the device 6 </ b> E provided at a place different from the store 5 is used, and the electronic value data Are shown as route R7 and route R8. The route R7 is a movement route of the terminal 10 until the electronic value data is supplied. The route R8 is a movement route after the electronic value data is supplied. In this case, after passing through the area C3 and the area W7 in this order, the terminal 10 receives supply of electronic value data from the device 6E, and then further passes through the area W9. Since the place where the electronic value data is supplied from the device 6 to the terminal 10 is different from the place where the electronic value data is supplied from the device 6E to the terminal 10, the movement path of the terminal 10 in each movement time zone is also large. Is different. As described above, it is determined that the movement path of the terminal 10 that has received the electronic value data from the device 6 matches the reference movement path. Therefore, it is determined that the movement path of the terminal 10 that has received the electronic value data from the device 6E does not match the reference movement path.

  The comparison result of the comparison unit 22 described above with reference to FIG. 4 can also be used to authenticate that the terminal 10 is located in the store 5 when the electronic value data is supplied.

  Returning to FIG. 2 again, the authentication unit 23 is a part that authenticates that the terminal 10 is located in the store 5 at the supply time of the electronic value data based on the comparison result of the comparison unit 22. Specifically, when the result of the comparison unit 22 is a result of “matching” as described above, the authentication unit 23 indicates that the terminal 10 was located in the store 5 at the supply time of the electronic value data, Furthermore, it is authenticated that the electronic value data supplied to the terminal 10 is legitimately acquired. When authentication by the authentication unit 23 is performed, for example, this is notified to the terminal 10 via the communication unit 15 of the terminal 10 using the communication unit 21. In the terminal 10, when the electronic value included in the electronic value data stored in the storage unit 14 is not validated, the electronic value is validated. The user U of the terminal 10 can obtain the profit (for example, a discount using a coupon) using the activated electronic value. On the other hand, if the electronic value has already been validated, if the above-described authentication is not performed by the authentication unit 23, it is detected that the electronic value has been illegally acquired. This detection may be performed by the authentication unit 23.

  The reference creation unit 24 is a part that generates reference information. The reference information is information including the reference environment information and the reference movement route described above, and is set corresponding to the store.

  Here, since the temperature of the store may change with the passage of time, the reference environment information is desirably set for each predetermined period, for example. In addition, since the area of the oscillator and the area of the radio base station existing around the store may change with the passage of time, it is desirable that the reference movement path is also set every predetermined period. Therefore, as described below, the reference creation unit 24 generates reference information according to the time zone based on information collected from a plurality of terminals (which may include the terminal 10). Below, the example of the production | generation method is demonstrated.

  For example, in the server 20, the communication unit 21 acquires environment information, time information, reception history, and the like from a terminal in which the electronic value related to the electronic value data is validated. The terminal to be acquired is a terminal 10 and a terminal (another terminal) different from the terminal 10, and may include at least one other terminal. Each piece of acquired information is stored in the storage unit 25. The reference creation unit 24 generates reference information using the environment information, time information, reception history, and the like from each terminal stored in the storage unit 25.

  Specifically, the reference creation unit 24 aggregates the environment information in each terminal and the movement route of the terminal specified from the reception history of each terminal for each predetermined period. When the reference information is reference environment information, the predetermined period may be a period in which the temperature or the like can change on the same day, for example, each period obtained by dividing one day by a length of about several hours. The reference creation unit 24 creates reference environment information as correct data from the environment information collected for each period. For example, an average value of values (values such as temperature, atmospheric pressure, and humidity) indicated in a plurality of collected environmental information can be used as correct answer data. When the reference information is a reference movement route, the predetermined period may be a period in which the radio area of the transmitter can change, for example, a period of several days. The reference creation unit 24 creates the reference movement route as correct data from the reception history totalized for each period. For example, a movement route specified from a plurality of aggregated reception histories may be correct data. There may be a plurality of correct data for the travel route. In this case, a plurality of reference travel routes are created.

  As described above, the reference creation unit 24 can create the reference environment information and the reference movement route as reference information. As described above, since the reference information is set corresponding to the store, for example, when the electronic value data is supplied at the store 5, the created reference information corresponds to the store 5. Is set. The storage unit 25 stores the store information of the store 5 and the reference information created by the reference creating unit 24 in association with each other.

  The storage unit 25 is a part that stores various information. Specifically, the storage unit 25 stores reference information for each store created by the reference creation unit 24, that is, the above-described reference environment information and reference movement route. Data necessary for creating reference information by the reference creating unit 24, for example, environment information, time information, reception history, etc. from other terminals may be stored in the storage unit 25.

  Next, operations of the terminal 10 and the server 20 will be described with reference to FIG. FIG. 5 is a flowchart illustrating an example of processing executed in the authentication system 1.

  First, in the terminal 10, the processes of steps S1 to S4 are executed.

  In step S1, the terminal 10 receives a transmission signal. Specifically, the signal receiving unit 13 of the terminal 10 receives a transmission signal from a transmitter and a cellular signal from a radio base station. The reception result of the signal receiving unit 13 is stored in the storage unit 14 as a reception history.

  In step S2, the terminal 10 acquires sensor data. Specifically, the environment sensor 11 acquires values such as temperature, atmospheric pressure, geomagnetism, and humidity as environment information. The acquisition result of the environmental sensor 11 is stored in the storage unit 14.

  In step S3, the terminal 10 determines whether electronic value data has been supplied. Specifically, when the data acquisition unit 12 acquires electronic value data, it is determined that the electronic value data is supplied. The electronic value data acquired by the data acquisition unit 12 is stored in the storage unit 14. Store information related to the electronic value data is also stored in the storage unit 14. When the electronic value data is supplied (step S3: YES), the terminal 10 advances the process to step S4. When that is not right (step S3: NO), the terminal 10 returns a process to step S1 again.

  In step S4, the terminal 10 transmits each data to the server. Specifically, the communication unit 15 stores the reception history stored in the storage unit 14 in the previous step S1, the environment information stored in the storage unit 14 in the previous step S2, and the storage unit 14 in the previous step S3. The store information related to the electronic value data thus transmitted is transmitted to the communication unit 21 of the server 20.

  In response to the execution of the process of step S4 in the terminal 10, the server 20 executes the processes of steps S11 to S15.

  In step S11, the server 20 acquires each data. Specifically, the communication unit 21 receives the reception history, the environment information, the store information related to the electronic value data, and the like transmitted by the communication unit 15 of the terminal 10 in the previous step S4.

  In step S12, the server 20 performs a comparison process. Specifically, the comparison unit 22 performs a comparison process using each data acquired in the previous step S11. For example, when the first comparison process is executed, it is determined whether or not the environment information in the terminal 10 at the supply time of the electronic value data matches the reference environment information. When the second comparison process is executed, it is determined whether or not the movement path of the terminal 10 of the electronic value data matches the reference movement path. Both the first comparison process and the second comparison process may be executed. Note that the reference environment information and the reference movement path are created by the reference creation unit 24 prior to the execution of the comparison process by the comparison unit 22 in step S12. For example, the reference environment information and the reference movement path that have already been generated by the reference creation unit 24 and stored in the storage unit 25 may be used in this step S12. In this step S12, the reference creation unit 24 After the reference movement route is created, the comparison process by the comparison unit 22 may be executed.

  In step S13, the server 20 determines whether or not the position of the terminal at the time of supplying the electronic value data is appropriate. This process is executed by the authentication unit 23, for example. Specifically, when the comparison result in the previous step S12 is “match”, it is determined that the terminal position at the time of supplying the electronic value data is appropriate. That is, it is authenticated that the terminal 10 is located in the store 5 at the time of electronic value data supply, and that the electronic value data supplied to the terminal 10 is legitimately acquired. If the comparison result is “not coincident”, it is determined that the position of the terminal at the time of supplying the electronic value data is not appropriate. If the position of the terminal at the time of supplying the electronic value data is appropriate (step S13: YES), the server 20 advances the process to step S14. When that is not right (step S13: NO), the server 20 advances a process to step S15. When both the first comparison process and the second comparison process are executed in the previous step S12, for example, the comparison result of both processes is a result of “match”. In addition, it may be determined that the position of the terminal at the time of supplying the electronic value data is appropriate.

  In step S14, the server 20 processes the electronic value data as normal data. For example, the communication unit 21 notifies the communication unit 15 of the terminal 10 that the electronic value data supplied to the terminal 10 has been obtained properly. In the terminal 10, when the electronic value related to the electronic value data stored in the storage unit 14 is not validated, the electronic value is validated. The user U of the terminal 10 can use the electronic value.

  In step S15, the server 20 processes the electronic value data as abnormal data. For example, the communication unit 21 notifies the communication unit 15 of the terminal 10 that the electronic value data supplied to the terminal 10 has been obtained improperly. In the terminal 10, the electronic value related to the electronic value data stored in the storage unit 14 is not validated. The user U of the terminal 10 cannot use the electronic value. When the electronic value has already been validated, for example, the authentication unit 23 detects that the electronic value has been illegally acquired.

  After the process of step S14 or step S15 is completed, the process of the flowchart ends.

  According to the server 20 described above, in order to authenticate that the terminal 10 is located in the store 5 at the supply time of the electronic value data, the environmental information in the terminal 10 at the supply time of the electronic value data is set in advance. The compared reference environment information is compared (step S12). Here, if the user U of the terminal 10 actually visits the store 5, the environmental information at that time is environmental information specific to the store 5, but it is difficult to disguise the same environmental information in another place. Possible (Fig. 3). If environment information that is not easily camouflaged is used as reference environment information and the above-described comparison is performed, based on the comparison result, the terminal 10 is located in the store 5 at the supply time of the electronic value data (the user of the terminal 10) U actually visited the store 5) can be authenticated. For example, if the electronic value before being activated in the store 5 is supplied to the terminal 10, then the electronic value data is only obtained when it is authenticated that the user U of the terminal 10 actually visited the store 5. The terminal of the user who does not visit the store 5 by activating the electronic value (step S13: YES, step S14), and otherwise not activating the electronic value (step S13: NO, step S14) Thus, illegal acquisition of electronic value can be suppressed. If the electronic value after being activated in the store 5 is supplied to the terminal 10, then if the user U of the terminal 10 is not authenticated to actually visit the store, the electronic value is obtained illegally. This can be detected after the fact (step S13: NO, step S15).

  In the comparison, the movement route of the terminal 10 in a time zone determined based on the supply time of the electronic value data may be compared with a preset reference movement route (step S12). Here, if the user U of the terminal 10 actually visits a store, the travel route at that time is a travel route specific to the store, but it is difficult to disguise the same travel route in another place. (FIG. 4). For example, it is conceivable that the terminal 10 authenticates that the terminal 10 is located in the store 5 by receiving a transmission signal from the transmitter 3 (FIG. 1) provided near the store 5. However, in this case, the transmission signal of the transmitter 3 may be camouflaged and used in another place (near the device 6E in FIG. 4). As described above, since the movement path is characterized by a plurality of transmitters (and radio base stations), impersonation is difficult. If a travel route that is not easily camouflaged is used as a reference travel route and the above-described comparison is performed, it can be authenticated that the user U of the terminal 10 has actually visited the store 5 based on the comparison result. Therefore, as described above, it is possible to prevent the electronic value from being illegally acquired by a terminal of a user who does not visit the store 5.

  The time zone determined based on the supply time may include a time zone until the electronic value is supplied to the terminal 10. In this case, for example, the above comparison can be completed using only the movement route (route R5 and route R7 in FIG. 4) up to the supply time of the electronic value. Can be done immediately. By using the comparison result of the movement route that is difficult to be camouflaged, the accuracy of the determination can be increased. This comparison method is useful when, for example, the electronic value related to the electronic value data supplied to the terminal 10 of the user U who has visited the store 5 is immediately used at the store 5.

  The time zone determined based on the supply time may include a time zone after the electronic value is supplied to the terminal 10. In this case, for example, the above-described comparison can be performed using the movement route (route R6, route R8 in FIG. 4) in the time zone after the supply time of the electronic value. There is a possibility. This comparison method is useful, for example, when the electronic value related to the electronic value data supplied to the terminal 10 of the user U who has visited the store 5 is used later.

  Both the comparison of the environmental information and the comparison of the movement paths may be performed (step S12). By performing both comparisons, the reliability of the comparison results can be further improved.

  The reference creation unit 24 may create a reference movement route based on the reception history and supply time for at least one other terminal to which the electronic value is supplied and the electronic value is validated. The reference creation unit 24 may create reference environment information based on environment information and supply time for at least one other terminal to which the electronic value is supplied and the electronic value is validated. As a result, it is possible to set appropriate reference environment information and a reference movement route as time passes.

  Note that the block diagram (FIG. 2) used in the description of the above embodiment shows functional unit blocks. These functional blocks (components) are realized by any combination of hardware and / or software. Further, the means for realizing each functional block is not particularly limited. That is, each functional block may be realized by one device physically and / or logically coupled, and two or more devices physically and / or logically separated may be directly and / or indirectly. (For example, wired and / or wireless), and may be realized by a plurality of these devices.

  For example, the server 20 according to an embodiment of the present invention may function as a computer that performs processing such as the comparison unit 22, the authentication unit 23, and the reference creation unit 24 according to the present embodiment. FIG. 6 is a diagram illustrating an example of a hardware configuration of the server 20 according to the present embodiment. The terminal 10 may also have a hardware configuration similar to that of the server 20. Hereinafter, the server 20 will be described. The server 20 may be physically configured as a computer device including a processor 1001, a memory 1002, a storage 1003, a communication device 1004, an input device 1005, an output device 1006, a bus 1007, and the like.

In the following description, the term “apparatus” can be read as a circuit, a device, a unit, or the like. The hardware configuration of the server 20 may be configured to include one or a plurality of devices illustrated in the figure, or may be configured not to include some devices.
Each function in the server 20 is performed by reading predetermined software (program) on hardware such as the processor 1001 and the memory 1002, so that the processor 1001 performs an operation and performs communication by the communication device 1004 and in the memory 1002 and the storage 1003. This is realized by controlling reading and / or writing of data.

  For example, the processor 1001 controls the entire computer by operating an operating system. The processor 1001 may be configured by a central processing unit (CPU) including an interface with peripheral devices, a control device, an arithmetic device, a register, and the like. For example, the comparison unit 22, the authentication unit 23, the reference creation unit 24, and the like may be realized by the processor 1001.

  Further, the processor 1001 reads a program (program code), software module, and data from the storage 1003 and / or the communication device 1004 to the memory 1002, and executes various processes according to these. As the program, a program that causes a computer to execute at least a part of the operations described in the above embodiments is used. For example, the comparison unit 22, the authentication unit 23, and the reference creation unit 24 of the server 20 may be realized by a control program stored in the memory 1002 and operated by the processor 1001, and may be realized similarly for other functional blocks. Also good. Although the above-described various processes have been described as being executed by one processor 1001, they may be executed simultaneously or sequentially by two or more processors 1001. The processor 1001 may be implemented by one or more chips. Note that the program may be transmitted from a network via a telecommunication line.

  The memory 1002 is a computer-readable recording medium, and includes, for example, at least one of ROM (Read Only Memory), EPROM (Erasable Programmable ROM), EEPROM (Electrically Erasable Programmable ROM), RAM (Random Access Memory), and the like. May be. The memory 1002 may be called a register, a cache, a main memory (main storage device), or the like. The memory 1002 can store a program (program code), a software module, and the like that can be executed to implement the wireless communication method according to the embodiment of the present invention.

  The storage 1003 is a computer-readable recording medium such as an optical disc such as a CD-ROM (Compact Disc ROM), a hard disc drive, a flexible disc, a magneto-optical disc (eg, a compact disc, a digital versatile disc, a Blu-ray). (Registered trademark) disk, smart card, flash memory (for example, card, stick, key drive), floppy (registered trademark) disk, magnetic strip, and the like. The storage 1003 may be referred to as an auxiliary storage device. The storage medium described above may be, for example, a database, server, or other suitable medium that includes memory 1002 and / or storage 1003.

  The communication device 1004 is hardware (transmission / reception device) for performing communication between computers via a wired and / or wireless network, and is also referred to as a network device, a network controller, a network card, a communication module, or the like. For example, the communication unit 21 described above may be realized by the communication device 1004.

  The input device 1005 is an input device (for example, a keyboard, a mouse, a microphone, a switch, a button, a sensor, etc.) that accepts an input from the outside. The output device 1006 is an output device (for example, a display, a speaker, an LED lamp, etc.) that performs output to the outside. Note that the input device 1005 and the output device 1006 may have an integrated configuration (for example, a touch panel).

  Each device such as the processor 1001 and the memory 1002 is connected by a bus 1007 for communicating information. The bus 1007 may be configured with a single bus or may be configured with different buses between apparatuses.

  The server 20 includes hardware such as a microprocessor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a programmable logic device (PLD), and a field programmable gate array (FPGA). Some or all of the functional blocks may be realized by the hardware. For example, the processor 1001 may be implemented with at least one of these hardware.

  Although the present embodiment has been described in detail above, it will be apparent to those skilled in the art that the present embodiment is not limited to the embodiment described in this specification. The present embodiment can be implemented as a modification and change without departing from the spirit and scope of the present invention defined by the description of the scope of claims. Therefore, the description of the present specification is for illustrative purposes and does not have any limiting meaning to the present embodiment.

  Each aspect / embodiment described herein includes LTE (Long Term Evolution), LTE-A (LTE-Advanced), SUPER 3G, IMT-Advanced, 4G, 5G, FRA (Future Radio Access), W-CDMA. (Registered trademark), GSM (registered trademark), CDMA2000, UMB (Ultra Mobile Broadband), IEEE 802.11 (Wi-Fi), IEEE 802.16 (WiMAX), IEEE 802.20, UWB (Ultra-WideBand), The present invention may be applied to a Bluetooth (registered trademark), a system using another appropriate system, and / or a next generation system extended based on the system.

  As long as there is no contradiction, the order of the processing procedures, sequences, flowcharts, and the like of each aspect / embodiment described in this specification may be changed. For example, the methods described herein present the elements of the various steps in an exemplary order and are not limited to the specific order presented.

  Input / output information or the like may be stored in a specific location (for example, a memory) or may be managed by a management table. Input / output information and the like can be overwritten, updated, or additionally written. The output information or the like may be deleted. The input information or the like may be transmitted to another device.

  For example, the determination for performing the determination may be performed by a value represented by 1 bit (0 or 1), may be performed by a true value (Boolean: true or false), or may be a numerical value. It may be performed by comparison (for example, comparison with a predetermined value).

  Each aspect / embodiment described in this specification may be used independently, may be used in combination, or may be switched according to execution. Further, notification of predetermined information (for example, notification of “being X”) is not limited to explicitly performed, but is performed implicitly (for example, notification of the predetermined information is not performed). Also good.

  Software, whether it is called software, firmware, middleware, microcode, hardware description language, or other names, instructions, instruction sets, codes, code segments, program codes, programs, subprograms, software modules , Applications, software applications, software packages, routines, subroutines, objects, executable files, execution threads, procedures, functions, etc. should be interpreted broadly.

  Also, software, instructions, etc. may be transmitted / received via a transmission medium. For example, software may use websites, servers, or other devices using wired technology such as coaxial cable, fiber optic cable, twisted pair and digital subscriber line (DSL) and / or wireless technology such as infrared, wireless and microwave. When transmitted from a remote source, these wired and / or wireless technologies are included within the definition of transmission media.

  Information, signals, etc. described herein may be represented using any of a variety of different technologies. For example, data, instructions, commands, information, signals, bits, symbols, chips, etc. that may be referred to throughout the above description are voltages, currents, electromagnetic waves, magnetic fields or magnetic particles, light fields or photons, or any of these May be represented by a combination of

  Note that the terms described in this specification and / or terms necessary for understanding this specification may be replaced with terms having the same or similar meaning. For example, the signal may be a message.

  As used herein, the terms “system” and “network” are used interchangeably.

  Further, the information described in the present specification may be represented by an absolute value, a relative value from a predetermined value, or may be represented by other corresponding information.

  A mobile communication terminal is defined by those skilled in the art as a subscriber station, mobile unit, subscriber unit, wireless unit, remote unit, mobile device, wireless device, wireless communication device, remote device, mobile subscriber station, access terminal, mobile terminal, It may also be referred to as a wireless terminal, remote terminal, handset, user agent, mobile client, client, or some other appropriate terminology.

  As used herein, the term “determining” may encompass a wide variety of actions. “Judgment” can be, for example, calculating, computing, processing, deriving, investigating, looking up (eg, in a table, database, or another data structure Search), ascertaining what has been ascertaining, and so on. Also, “determining” includes receiving (eg, receiving information), transmitting (eg, transmitting information), input (input), output (output), access (accessing) ( For example, it may include “determining” that the data in the memory is accessed). Also, “determining” may include resolving, selecting, selecting, establishing, comparing, and the like as “determining”. That is, “determining” may include considering that some operation has been “determined”.

  As used herein, the phrase “based on” does not mean “based only on,” unless expressly specified otherwise. In other words, the phrase “based on” means both “based only on” and “based at least on.”

  Where the designation "first", "second", etc. is used herein, any reference to that element does not generally limit the amount or order of those elements. These designations can be used herein as a convenient way to distinguish between two or more elements. Thus, a reference to the first and second elements does not mean that only two elements can be employed there, or that in some way the first element must precede the second element.

  The “means” in the configuration of each apparatus described above may be replaced with “unit”, “circuit”, “device”, and the like.

  These terms are similar to the term “comprising” as long as “include”, “including” and variations thereof are used herein or in the claims. It is intended to be comprehensive. Furthermore, the term “or” as used herein or in the claims is not intended to be an exclusive OR.

  In this specification, a plurality of devices are also included unless there is only one device that is clearly present in context or technically.

  Throughout this disclosure, the plural is included unless the context clearly indicates one.

  DESCRIPTION OF SYMBOLS 1 ... Authentication system, 3 ... Transmitter, 5 ... Store, 10 ... Terminal, 11 ... Environmental sensor, 12 ... Data acquisition part, 13 ... Signal receiving part, 14 ... Memory | storage part, 15 ... Communication part, 20 ... Server, 21 Communication unit (environmental information acquisition unit, time information acquisition unit), 22 Comparison unit (comparison unit), 23 Authentication unit, 24 Reference creation unit, 25 Storage unit.

Claims (7)

Environmental information acquisition means for acquiring environmental information on at least one of temperature, atmospheric pressure, geomagnetism and humidity at the terminal;
Time information acquisition means for acquiring the supply time of the electronic value related to the store to the terminal;
In order to authenticate that the terminal was located in the store at the supply time, the environment information at the supply time specified from the acquisition results of the environment information acquisition means and the time information acquisition means; Comparison means for comparing with reference environment information set in advance corresponding to the store,
An authentication device comprising: A reception history acquisition means for acquiring reception histories at terminals of transmission signals from a plurality of transmitters;
Time information acquisition means for acquiring the supply time of the electronic value related to the store to the terminal;
In order to authenticate that the terminal was located in the store at the supply time, a time period determined based on the supply time specified from the acquisition results of the reception history acquisition means and the time information acquisition means A comparison means for comparing the travel route of the terminal at a reference travel route set in advance corresponding to the store;
An authentication device comprising: The time zone determined based on the supply time includes a time zone until the electronic value is supplied to the terminal.
The authentication device according to claim 2. The time zone determined based on the supply time includes a time zone since the electronic value was supplied to the terminal.
The authentication device according to claim 2 or 3. Environmental information acquisition means for acquiring environmental information on at least one of temperature, atmospheric pressure, geomagnetism and humidity at the terminal,
The comparison means further includes: the environmental information at the supply time specified from the acquisition results of the environmental information acquisition means and the time information acquisition means; and environmental information set in advance corresponding to the store. Compare,
The authentication device according to any one of claims 2 to 4. The reference movement path is created based on the reception history and the supply time for at least one other terminal to which the electronic value is supplied and the electronic value is activated.
The authentication device according to any one of claims 2 to 5. The reference environment information is created based on the environment information and the supply time for at least one other terminal to which the electronic value is supplied and the electronic value is activated,
The authentication device according to claim 1.

Images